SSL installation via certbot - jigneshpshah/greycube_helpmanual GitHub Wiki
[A] Remove certbot-auto and install certbot
```
sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo apt-get remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

Ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
[B] Get certificate : frappe user

```
$ bench config dns_multitenant on
$ sudo service nginx stop
```

(1) Request the certificate:

```
$ sudo certbot certonly --standalone
```

It will ask questions, e.g. the domain name:

```
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): abc.xyz.com
```

It will give output like below. Note the certificate path generated and ensure the same is in site_config.json:

```
/etc/letsencrypt/live/abc.xyz.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/abc.xyz.com/privkey.pem
```

(2) Ensure the same paths are in site_config.json:

```
frappe@vmi494576:~/frappe-bench/sites/abc.xyz.com$ nano site_config.json
```

```
"ssl_certificate":"/etc/letsencrypt/live/abc.xyz.com/fullchain.pem",
"ssl_certificate_key":"/etc/letsencrypt/live/abc.xyz.com/privkey.pem"
```

The same keys can be set with bench (`sslpath` and `keypath` stand for the two paths noted above):

```
bench --site demo14.greycube.in set-config ssl_certificate sslpath
bench --site demo14.greycube.in set-config ssl_certificate_key keypath
```

(2.2) Take a backup of the nginx config:

```
/frappe-bench/config$ cp nginx.conf nginx.conf_mar_2
```

(3) Regenerate the nginx config:

```
~/frappe-bench$ bench setup nginx
```

(4) Start nginx:

```
/frappe-bench$ sudo service nginx start
```

(5) Reload nginx (**do not forget**):

```
~/frappe-bench$ sudo service nginx reload
```

Ref: https://discuss.erpnext.com/t/certbot-auto-replaced-with-certbot/67692
To view certificates:

```
certbot certificates
```

Ref: https://certbot.eff.org/docs/using.html#:~:text=You%20can%20use%20certonly%20or,Certbot%20updates%20the%20existing%20certificate.
[c] Auto renewal
Login as root or a user with superuser privileges
and run: date (you will get client's time zone like:CEST etc.)
then run crontab -e and enter:
Set time zone from: [Set time zone](https://www.worldtimebuddy.com/)
```
MAILTO="[email protected]"
# cron runs an entry when EITHER day-of-month OR day-of-week matches if both
# fields are restricted, so the "first <weekday>" entries keep day-of-week as *
# and test the weekday in the command (date +%u: 1 = Monday ... 7 = Sunday).

# run every first friday of month at 12:30 midnight
30 0 1-7 * * [ "$(date +\%u)" = 5 ] && sudo service nginx stop && sudo certbot renew --quiet && sudo service nginx start

# renew letsencrypt certificates on 1st Monday of every month and get an email if it gets executed
# 0 0 1-7 * * [ "$(date '+\%a')" = "Mon" ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start

# renew letsencrypt certificates on 1st Sunday of every month and get an email if it gets executed
MAILTO="[email protected]"
30 1 1-7 * * [ "$(date +\%u)" = 7 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start

# renew letsencrypt certificates on 1st Friday of every month and get an email if it gets executed
30 1 1-7 * * [ "$(date +\%u)" = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start

MAILTO="[email protected],[email protected]"
# run at 2:30 early morning saudi arabia time(CEST) on 1st and 3rd friday of every month
30 1 1-7 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start
30 1 15-21 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start
```
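A wrapper for the cron job above, as an added example that is not part of the original wiki. It covers two properties of the one-line entries: cron runs an entry with both day-of-month and day-of-week set when either one matches, and in `stop && renew && start` a failed renewal leaves nginx stopped. The function names, the `*_CMD` override variables and the script path are hypothetical, and GNU `date` is assumed.

```shell
#!/bin/sh
# Added example, not from the wiki. Function names and the *_CMD override
# variables are hypothetical; the default commands are the ones this page uses.
# Assumes GNU date (Ubuntu) for "date -d".

NGINX_STOP_CMD=${NGINX_STOP_CMD:-"sudo service nginx stop"}
CERTBOT_RENEW_CMD=${CERTBOT_RENEW_CMD:-"sudo certbot renew --quiet"}
NGINX_START_CMD=${NGINX_START_CMD:-"sudo service nginx start"}

# Succeeds when DATE (YYYY-MM-DD, default: today) is the first occurrence of
# weekday WANT (date +%u numbering: 1 = Monday ... 7 = Sunday) in its month.
# Both conditions are tested here, so the crontab entry does not have to
# combine a day-of-month range with a day-of-week value.
is_first_weekday() {
    want=$1
    day=${2:-$(date +%F)}
    dom=$(date -d "$day" +%d)
    dow=$(date -d "$day" +%u)
    [ "${dom#0}" -le 7 ] && [ "$dow" -eq "$want" ]
}

# Stop nginx so certbot's standalone server can bind, renew, then start nginx
# again even if the renewal failed. Returns certbot's exit status.
# The *_CMD variables are left unquoted on purpose so they split into words.
renew_with_restart() {
    $NGINX_STOP_CMD || return 1
    rc=0
    $CERTBOT_RENEW_CMD || rc=$?
    $NGINX_START_CMD || return 1
    return "$rc"
}

# Entry point for cron, e.g. "30 1 * * 5 /path/to/this-script run"
# (the path is a placeholder). Does nothing unless called with "run".
if [ "${1:-}" = "run" ] && is_first_weekday 5; then
    renew_with_restart
fi
```
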
[D] DELETE CERTIFICATE
```
certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem
certbot delete --cert-name example.com
```

OR

```
sudo certbot delete --cert-name example.com
```

Once deleted, you need to run `bench setup nginx`.
[E] Renew single CERTIFICATE
`sudo certbot renew --cert-name domain1.com`
https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options
[F] some errors
https://codewithkarani.com/2022/08/03/unknown-log-format-main-nginx/
- create A record pointing to new.greycube.in
- create SSL for new.greycube.in
- update site_config.json with
"ssl_certificate":"/etc/letsencrypt/live/new.greycube.in/fullchain.pem",
"ssl_certificate_key":"/etc/letsencrypt/live/new.greycube.in/privkey.pem",
"host_name": "new.greycube.in"
- cd sites
- mv old.greycube.in new.greycube.in
- cd ..
- sudo certbot delete --cert-name old.greycube.in
- sudo service nginx stop
- bench setup nginx
- sudo service nginx start
[G] from IP to URL
It is IP based access
rename site to url
backup conf folder nginx and supervisor
[B] Get certificate : frappe user
[c] Auto renewal